President Biden Issues Executive Order to Bolster U.S Port Cybersecurity
Today, the Biden-Harris Administration will issue an Executive Order to bolster the security of the nation’s ports, alongside a series of additional actions that will strengthen maritime cybersecurity, fortify our supply chains and strengthen the United States industrial base. The Administration will also announce its intent to bring domestic onshore manufacturing capacity back to America to provide safe, secure cranes to U.S. ports – thanks to an over $20 billion investment in U.S. port infrastructure under President Biden’s Investing in America Agenda. Today’s actions are clear examples of the President’s work to invest in America, secure the country’s supply chains, and strengthen the cybersecurity of our nation’s critical infrastructure against 21st century threats – priorities his Administration has focused on relentlessly since taking office.
America’s prosperity is directly linked to maritime trade and the integrated network of ports, terminals, vessels, waterways, and land-side connections that constitute the Nation’s Marine Transportation System (MTS). This complex system supports $5.4 trillion worth of economic activity each year, contributes to the employment of more than 31 million Americans, and supports nearly 95% of cargo entering the U.S.
The security of our critical infrastructure remains a national imperative in an increasingly complex threat environment. MTS owners and operators rely on digital systems to enable their operations, to include ship navigation, the movement of cargo, engineering, safety, and security monitoring. These systems have revolutionized the maritime shipping industry and American supply chains by enhancing the speed and efficiency of moving goods to market, but the increasing digital interconnectedness of our economy and supply chains have also introduced vulnerabilities that, if exploited, could have cascading impacts on America’s ports, the economy, and everyday hard-working Americans.
The actions include:
President Biden will sign an Executive Order to bolster the Department of Homeland Security’s authority to directly address maritime cyber threats, including through cybersecurity standards to ensure that American ports’ networks and systems are secure. Now, the U.S. Coast Guard will have the express authority to respond to malicious cyber activity in the nation’s MTS by requiring vessels and waterfront facilities to mitigate cyber conditions that may endanger the safety of a vessel, facility, or harbor. The Executive Order will also institute mandatory reporting of cyber incidents – or active cyber threats – endangering any vessel, harbor, port, or waterfront facility. Additionally, the Coast Guard will now have the authority to control the movement of vessels that present a known or suspected cyber threat to U.S. maritime infrastructure, and be able to inspect those vessels and facilities that pose a threat to our cybersecurity.
The U.S. Coast Guard will issue a Maritime Security Directive on cyber risk management actions for ship-to-shore cranes manufactured by the People’s Republic of China located at U.S. Commercial Strategic Seaports. Owners and operators of these cranes must acknowledge the directive and take a series of actions on these cranes and associated Information Technology (IT) and Operational Technology (OT) systems. This action is a vital step to securing our maritime infrastructure’s digital ecosystem and addresses several vulnerabilities that have been identified in the updated U.S. Maritime Advisory, 2024-00X – Worldwide Foreign Adversarial Technological, Physical, and Cyber Influence, that was released today.
The U.S. Coast Guard has issued a Notice of Proposed Rulemakingon Cybersecurity in the Marine Transportation System. Every day malicious cyber actors attempt to gain unauthorized access to MTS control systems and networks throughout the nation. The Proposed Rule will strengthen these digital systems by establishing minimum cybersecurity requirements that meet international and industry-recognized standards to best manage cyber threats. These actions build on prior actions by DHS including those taken by the Transportation Security Administration, and reflect the Administration’s commitment to leverage regulatory requirements in pursuit of safeguarding critical infrastructure.